Hmm that seems like it might address a slightly different issue, but I will read more about that.

Compare www.paypаl.com vs www.paypal.com. On this computer, it's impossible to tell that the two strings are different by looking at them. On another computer, it's very hard.

This is concern #1 of mine Using UTF-8 Encoding to Bypass Validation Logic

This has nothing to do with Unicode. It's strictly a UTF-8 problem. Since you should decode text before working with it, there's no problem.

Take U+00C9. It could be encoded as

C3 89
[download]

or as

E0 83 89
[download]

If you work with the characters in their encoded form, they appear to be two different characters. Once you decode them, you're only dealing with character U+00C9. There's no problem if your decoder works properly.

(A quick test shows that Encode only accepts the shortest form. The longer forms are treated as invalid. That's good.)